Information disclosure

2017-04-2020:59:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.3%

JSON

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.

CPENameOperatorVersion
wonderware_intouch_access_anywherele11.5.2

CPE	Name	Operator	Version
	wonderware_intouch_access_anywhere	le	11.5.2

References

software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/

www.securityfocus.com/bid/97256

ics-cert.us-cert.gov/advisories/ICSA-17-089-01